Vendor Products CVEs KEV Avg EPSS Worst Severity 2 13 0 32.8% CRITICAL
CVE ID Description Severity CVSS KEV EPSS Published CVE-2024-55456 lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell MEDIUM 6.5 — 30.4% Feb 3, 2025 CVE-2024-57724 lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell. MEDIUM 6.5 — 25.2% Jan 23, 2025 CVE-2024-57723 lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. MEDIUM 6.5 — 25.2% Jan 23, 2025 CVE-2024-57722 lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_create. HIGH 7.5 — 35.2% Jan 23, 2025 CVE-2024-57721 lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path. MEDIUM 6.5 — 25.2% Jan 23, 2025 CVE-2024-57720 lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. MEDIUM 6.5 — 25.2% Jan 23, 2025 CVE-2024-57719 lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0. MEDIUM 6.5 — 30.5% Jan 23, 2025 CVE-2024-33768 lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. CRITICAL 9.8 — 53.4% May 1, 2024 CVE-2024-33767 lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. MEDIUM 5.0 — 21.3% May 1, 2024 CVE-2024-33766 lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0. MEDIUM 5.3 — 44.8% May 1, 2024 CVE-2024-33764 lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. MEDIUM 5.5 — 22.2% May 1, 2024 CVE-2024-33763 lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp. HIGH 7.5 — 50.1% May 1, 2024 CVE-2023-44709 PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. CRITICAL 9.8 — 52.8% Dec 14, 2023